IT Security News Blast 7-13-2017

FDA late last year published new guidance documenting postmarket management of cybersecurity in medical devices. It seems prudent to recognize this guidance for exactly what it is: a wake-up call for the medical industry that we are in the 21st century and the potential for hacking any medical device, whether it is connected to a network or not, is a problem that must be taken seriously.

Faster Cyberattack Detection Can Limit Business Impact by 70%: Cyber adAPT, Aberdeen Group

The report also shows that improvements to detection and response speed following a data breach produce a median reduction of 30% in impact on the business, compared to the status quo. […] The report describes a dynamic infrastructure, which includes a mix of traditional servers, private clouds, and public clouds as “the new normal”, and notes that its complexity means that using prevention-led methods cannot be successful 100% of the time.

Miscreants have been pillaging credit cards from Trump Hotels’ booking system

If you stayed at one of 14 Trump hotel properties between July 2016 and March 2017, there’s a chance your credit card data and other personal information may have been pilfered. […] Trump Hotels says that credit card numbers (including expiration dates and security codes) and cardholder names were taken. In some cases, phone numbers and addresses of hotel customers were snagged, too.

Kaspersky Lab found that the malicious code and techniques used in both attacks share similarities with earlier attacks widely attributed to the infamous Lazarus group — a North Korea-based hacking group responsible for a series of attacks against commercial and government organisations globally. […] South Korea has been the target of cyberespionage attacks since at least 2013, but this is the first time that its ATMs have been targeted purely for financial gain[.]

The military is struggling to keep service members with cyber skills in the military, despite growing demand for cyber operations. Rep. […] Aguilar’s amendment creates a Defense Department Cyber Workforce Development Pilot Program, giving the defense secretary funds for recruitment, training, professionalization and retention of cyber personnel. […] The amendment makes clear that the funds should not be used for salaries, but rather for incentive packages.

The new reality: how companies can protect themselves from cyber attacks

[It’s] becoming apparent that money isn’t the primary motivator – it’s the access to an organisation’s sensitive data. While data is a huge asset to a business, it can also attract negative attention by those who seek to exploit it. These sophisticated AI-powered attacks can make subtle changes – like altering the text of one email – and over time, corrupt data, thus opening the window for scammers to capture sensitive information and cause chaos in an organisation.

Darknet hoster Deep Hosting has claimed to have suffered a major security breach over the weekend which led to some of its customers’ data being compromised. […] “The attacker was able to access the server and execute a command with limited rights.” After nearly 24 hours, the site admins worked out what had happened and decided to disable the PHP function in question, patch all hosted sites and change all of their FTP and SQL passwords. Over 90 sites hosted by Deep Hosting appear to have been affected, including drugs marketplaces, malware repositories and carding forums.

California all-girls team helping tackle the cybersecurity problem from high school up

The team was one of 16 competing in the high school cybersecurity event sponsored by the Governor’s Office of Business and Economic Development (GO-Biz) along with an impressive list of businesses, state agencies and education partners committed to the state’s investment in cybersecurity. The California Cyber Innovation Challenge is part of a statewide campaign to expand access to technology career pathways for students and empower businesses to support cybersecurity education and training.

The job description is also a baseline that helps security team managers keep pace as many roles evolve. That’s especially true for information security analysts, also referred to as cybersecurity analyst, data security analyst, information systems security analyst or IT security analyst. According to the U.S. Bureau of Labor Statistics (BLS), the outlook for security analyst job seekers is bright. Demand for them is projected to grow 22 percent through 2020, compared to an average of 14 percent for all occupations.

Her counsel to Sherry Spencer irked the neo-Nazi movement and supporters of Richard Spencer. DailyStormer.com, a neo-Nazi propaganda website, launched a tirade against Gersh. […] But instead of making a run for it, Gersh decided to take a stand and fight. “Andrew Anglin has done this to so many people. I’m going to make sure it doesn’t happen to anybody else,” she says defiantly. Gersh sued Anglin after getting a go-ahead from the Southern Poverty Law Center, an Alabama-based organisation that monitors hate crimes across the country. […] Anglin has apparently fled town as lawyers for Gersh have said they cannot find him.

“We need to do a much better job understanding the tools the Russians are using and that others could use in the future to undermine democratic institutions and we need to work closer with our European allies who also are subjected to this threat.” The idea is to create a platform and repository of information about Russian political influence activities in the United States and Europe that can be the basis for cooperation and a resource for analysts on both sides of the Atlantic to push back against Russian meddling.

Jared Kushner Reportedly Is Being Investigated for Possibly Working with Russia to Target Cyber Attacks

Russia’s operation used computer commands known as “bots” to collect and dramatically heighten the reach of negative or fabricated news about Clinton, including a story in the final days of the campaign accusing her of running a pedophile ring at a Washington pizzeria. One source familiar with Justice’s criminal probe said investigators doubt Russian operatives controlling the so-called robotic cyber commands that fetched and distributed fake news stories could have independently “known where to specifically target … to which high-impact states and districts in those states.”

One in four will consider not voting in elections due to cybersecurity

The 27 percent of voters who agreed with that statement mark a 7 percent rise over a similar poll conducted in September. The poll, conducted by the firm Carbon Black, surveyed 5,000 respondents and has a margin of error of just under two percent. “There is no question, none, that the U.S. voting process is vulnerable,” Carbon Black Chief Executive Patrick Morley told The Hill.

Kaspersky Lab Says It’s a Pawn in the Game Between the U.S. and Russia

Kaspersky products have been removed from the U.S. General Services Administration’s list of vendors for contracts that cover information technology services and digital photographic equipment, an agency spokeswoman said in a statement. GSA’s priorities “are to ensure the integrity and security of U.S. government systems and networks,” the spokeswoman said. Government agencies will still be able to use Kaspersky products purchased separately from the GSA contract process.

Six major US airports now scan Americans’ faces when they leave country

According to the Associated Press, which first reported the plan on Wednesday, facial-scanning pilot programs are already underway at six American airports—Boston, Chicago, Houston, Atlanta, New York City, and Washington DC. More are set to expand next year. In a recent privacy assessment, DHS noted that the “only way for an individual to ensure he or she is not subject to collection of biometric information when traveling internationally is to refrain from traveling.”

Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new. Currently, LockPoS is believed to be targeting Brazilian-based companies, according to Arbor Networks, a division of NetScout.

The researchers divided the techniques into four main categories — memory-only threats, fileless persistence, dual use tools, and non-PE file attack, according to the “ISTR Living off the land and fileless attack techniques” report. These tactics allow threat actors to create fewer new files on the hard disk meaning they have less chance of being detected by traditional security tools and minimize their likelihood of being blocked.

Cyber adversaries don’t make up new offensive attack sequences each time they target a new victim. They don’t invent new delivery schemes for each new attack, nor do they invent new zero-day exploits, new command and control infrastructure, new ways to move laterally, or new ways to exfiltrate data. Adversaries reuse the same attack sequences that worked on previous victims[.]

The issues in SAP POS, a series of missing authorization checks, could let an attacker access a service without authorization[.] The solution runs parallel to the company’s retail solution portfolio and is used by 80 percent of retailers in Forbes Global 2000, according to ERPScan. The vulnerabilities, which technically exist in the SAP solution’s Retail Xpress Server, could lead to information disclosure, privilege escalation and other attacks.

Exposed were text files logging calls made this year to Verizon call centers between Jan. 1 and June 22, O’Sullivan said. In most cases, the logs included the names, phone numbers and addresses of Verizon subscribers. In some cases, account personal identification numbers used to verify callers’ identities were also exposed, O’Sullivan said. […] Verizon said a “limited amount of personal information” had been left open to external access, as well as additional information that “had no external value.”

Verizon Communications Inc. (NYSE: VZ) dropped about 0.9% Tuesday to post a new 52-week low of $42.82 after closing at $43.20 on Monday. Volume was about 9.2 million, around 30% less than the daily average of more than 15 million shares. The telecom giant had no specific news.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.